From someone who works in IT, it does seem a bit excessive, especially when shorter, more complex passwords are not more secure. A much better solution would be longer passwords. Or enabling 2FA, such as an authenticator app or text to your phone when you try to log in.
While I completely agree with you concerning two-factor authentication (2FA) or longer passwords as opposed to shorter complex passwords, the default security complexity requirements in most servers were placed there to deter passwords such as (password, monkey, nameofindividual, etc.). I have worked in IT for many years as well, and when given the opportunity, many end-users will go for ease of use over even the simplest of security any chance they are given.
Worst idea my IT department have is to force everyone to change their password every 90 days. That DEFINITELY forces people to use very simple passwords like name of family member plus a number that you just raise by one every time you change it. No way in hell I'm going to spend time coming up with a long and complex pw and then memorize it just to be forced to change it after 90 days...
Right, I understand why password rules exist. I also understand why password, monkey and nameofindividual are all terrible passwords. My point was not that there should be no password restrictions at all. My point was that the type of password many sites and enterprises generally recognize as safe, a short password with a few special characters, is largely ineffective today. With the availability of hashed password databases and very cheap computing time, a standard "secure" enterprise password is trivial to crack. My first job in corporate IT was desktop support. There were only a handful of users who did NOT have their current password, along with their last few, written down somewhere. It doesn't really matter how resistant your company's passwords are to brute-force cracking: if the janitor can log into the computer just by walking in and steal your company's trade secrets, your password policy has failed.
Corporate IT security has had a pretty bad track record over the past decade or so. If you want proof, look no further than all the data breaches of high-profile corporations who should know better. We need a different approach to password security and hygiene. Short and complex passwords are not the answer, and I think people are getting tired of the security theater.
This is accessing testing results on my home aquarium. I’m not accessing the Pentagon remotely.
Insanely silly... As are most similar requirements. They make passwords harder to remember and beg for serialization every time you are forced to change it. This is excessive IMO